Sending credentials with cross-domain posts?

According to Requests with credentials, Firefox will only send credentials along with cross-domain posts if

invocation.withCredentials = "true";

is set… But it doesn't seem like jQuery's Ajax API provides any mechanism for this.

Is there something I've missed? Is there some other way I can do it?



Functionality is supposed to be broken in jQuery 1.5.

Since jQuery 1.5.1 you should use xhrFields param.

    type: "POST",
    data: {},
    dataType: 'json',
    xhrFields: {
       withCredentials: true
    crossDomain: true


Reported bug:


In jQuery 3 and perhaps earlier versions, the following simpler config also works for individual requests:

            dataType: 'json',
            xhrFields: {
                withCredentials: true
            success: successFunc

The full error I was getting in Firefox Dev Tools -> Network tab (in the Security tab for an individual request) was:

An error occurred during a connection to peer was unable to negotiate an acceptable set of security parameters.Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT


You can use the beforeSend callback to set additional parameters (The XMLHTTPRequest object is passed to it as its only parameter).

Just so you know, this type of cross-domain request will not work in a normal site scenario and not with any other browser. I don't even know what security limitations FF 3.5 imposes as well, just so you don't beat your head against the wall for nothing:

    url: 'http://bar.other',
    data: { whatever:'cool' },
    type: 'GET',
    beforeSend: function(xhr){
       xhr.withCredentials = true;

One more thing to beware of, is that jQuery is setup to normalize browser differences. You may find that further limitations are imposed by the jQuery library that prohibit this type of functionality.


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.